Email security provider Vade Secure released another
phishing report following the 25 most 'spoofed' brands in North America that
are imitated in phishing attacks. Amongst them the top three are Microsoft,
Netflix and PayPal.
Out of all the 86 brands that were tracked, 96% of
them all were done so by the company as per their Q3 2018 report.
Bank of America and Wells Fargo are not so far
behind Microsoft and the other top 2 targets in this case as there has been an
increase in these phishing attacks by approximately 20.4% as reported by Vade
Secure. As the attackers attempt to access Office 365, One Drive, and Azure
credentials their focus has been towards cloud based services as well as
financial companies.
Vade Secure's report states - "The primary goal
of Microsoft phishing attacks is to harvest Office 365 credentials. With a
single set of credentials, hackers can gain access to a treasure trove of
confidential files, data, and contacts stored in Office 365 apps, such as
SharePoint, One Drive, Skype, Excel, CRM, etc. Moreover, hackers can use these
compromised Office 365 accounts to launch additional attacks, including spear
phishing, malware, and, increasingly, insider attacks targeting other users
within the same organization."
The attackers, through a feeling of urgency endeavor
to show that the recipient's account has been suspended or so thus inciting
them to login in order to determine the issue, this happens in the case of
Office 365 phishing emails. By doing this though they expect for the victims to
be less wary when entering their credentials.
Exceptionally compelling is that attackers have a
tendency to pursue a pattern with respect to what days they send the most
volume of phishing mails. As per the report, most business related attacks tend
to happen amid the week with Tuesday and Thursday being the most popular days.
For Netflix though, the most focused on days are Sunday because that is the
time when users' are taking a backseat and indulge in some quality television.
As these attacks become more targeted Vade Secure’s
report further states – "What should be more concerning to security
professionals is that phishing attacks are becoming more targeted. When we
correlated the number of phishing URLs against the number of phishing emails
blocked by our filter engine, we found that the number of emails sent per URL
dropped more than 64% in Q3. This suggests that hackers are using each URL in
fewer emails in order to avoid by reputation-based security defenses. In fact,
we’ve seen sophisticated phishing attacks where each email contains a unique
URL, essentially guaranteeing that they will bypass traditional email security
tools."
For the users' however , it is advised to dependably
examine a site before entering any login details and if there are any occurrences
of the URL seeming abnormal or even something as minor as a language blunders
then they should report the issue directly to either the administrator or the
company itself.
